How to mitigate the key vulnerabilities associated with IoT

From where we stand, it’s hard to see the development of technology moving forward at the amazing pace it is – the world of the ‘Internet of Things’ (IoT) being a prime example. With millions of devices being connected to the internet on an almost daily basis, the opportunities IoT presents to businesses are exponential. While this is an incredibly exciting time to be a part of, there are a number of risks associated with IoT for both businesses and personal users.

At present, the most common business approach to risk management is ‘here and now’ thinking, where the process of mitigating the potential negative impact that exploited vulnerabilities can create starts with understanding vulnerable scenarios, typically against industry standards or security baselines. While this is a reasonable way to deal with the problem, it can blind organisations to ‘real-world’ considerations that are highly likely to be tomorrow’s norm.

Though none of us can see the future, we can at least consider and prepare for some of the most likely outcomes that could be associated with the IoT. In particular, business leaders should start to think about the following three issues tied up with IoT and how best to reduce the risks they pose to the enterprise.

Growing Pains

Most of us moving into the world of IoT start small. Developing viable use-cases, we explore technology options, build partnerships and ultimately, move into owning, operating, or becoming part of an IoT ecosystem. While we remain small, everything is manageable. Processes are simple and functional, the skills remain in the hands of a few, and control is reasonably cheap to maintain.

However, the positive impact of demand can bring negative consequences. Processes can start to scale poorly, compliance with regulation becomes more difficult, and costs can grow to the point where re-architecting or technology transformation is needed to curb growing operating impacts.

Preparing for important milestones such as scaling is an action that can be taken right now. Granted, in the world of IoT, it’s the sheer rate of scale that leads many businesses to fall at these growing-pain hurdles. Nonetheless, there are some ways in which companies can overcome them.

Close collaboration between the engineers managing the IoT estate and those planning business opportunities is critical. Good relationships are the key to mitigating any issue, technological or not. Further, it’s important to grow your team’s knowledge in step with your company’s growth, as this will reduce any chance of a skills gap within your workforce.

Crucially, companies need to ensure that they have a clear and concise technology and operational strategy for when the scale reaches certain levels. The ‘get going quick’ solutions are not fit for purpose and will come back to haunt you further down the line.

Costs driving us into the ‘Fog’

Many IoT platform and solution providers already fully recognise the need to keep the low unit costs of extensive IoT networks from growing disproportionately. As such, providers are developing additional, impressive features and functionality that operate on the edge gateway devices rather than in central cloud platforms.

Not only can this dramatically reduce data flow volumes, it can also make scaling up more cost effective. This trend of moving compute and analysis into the edge gateway devices is likely to continue for some time, as we move the intelligence from the core and into the ‘Fog’.

However, it’s imperative that you start to focus on edge security sooner rather than later, or you risk leaving yourself exposed to security vulnerabilities in the long run. This ‘fog transition’ requires businesses to better prepare for strong security and control of edge gateway and sensor devices before the vulnerability has been exposed.

A good approach to securing solutions, systems and IPs is to centralise and then secure. Many of these edge devices have small footprints, low power and non-industrial small compute or microcontroller hardware. As such, even greater effort and focus is required to maintain their integrity against attack patterns.

Be prepared for GDPR

Many businesses are yet to fully understand all aspects of the General Data Protection Regulation (GDPR) that comes into force in May 2018; indeed, even ICO guidance is still a work in progress. Just like the DPA, the GDPR applies to personal data and of course, we are likely to have varying degrees of personal data within our IoT platforms or networks. Irrespective of who controls or processes the data, businesses must start preparing for these new regulations immediately, and understand what they mean for existing IoT solutions.

To ensure compliance, working closely with your internal audit or compliance functions when attending to matters of regulation or standard accreditation will be essential – especially when dealing with personal data. Further, make sure your IoT network is well documented and identified so you have a strong understanding of all data flowing through your network from entrance to exit.

Businesses must also ensure that data is only kept for the period required and for its original purpose. We must overcome the hoarding attitude and the temptation to believe that all data ‘could be useful one day’!

In today’s climate, it is impossible to predict how advances in technology will develop, especially given the incredibly fast pace of progress. However, businesses should start to prepare now for the potential future vulnerabilities associated with this rapid technological expansion. Ensuring that internal teams grow with the technology, security measures are implemented in the edge networks and the business is GDPR compliant will mean that any vulnerabilities can be quashed before they lead to profound consequences.

Mark Hunt, CTO, leads the technology, operational sustainability and integration of products at Oneserve, the award-winning cloud-based Predictive Field Service Management software provider that delivers solutions to a range of private and public sectors.